A verification method or apparatus applied in a Wireless Local Area Network (WLAN) includes learning an Internet Protocol (IP) address assigned to a station; sending the IP address to a managing device that is managing the access device and receiving, from the managing device, a determination of whether the IP address is used by another station; and verifying a data packet sent by the station by using an IP address that is not used by another station as reported by the managing device.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A verification method to be applied in a Wireless Local Area Network (WLAN), comprising: learning, by an access device, an Internet Protocol (IP) address assigned to a station; sending the IP address to a managing device that is managing the access device; receiving, from the managing device, a determination of whether the IP address is used by another station; in response to the determination from the managing device indicating that the IP address is not used by another station, recording, by the access device, the IP address in a first IP address table corresponding to the station; receiving a data packet from the station; and verifying, by the access device, whether to forward the data packet sent by the station by determining whether a source IP address carried in the data packet is included in the first IP address table.
A method for verifying devices on a Wi-Fi network involves an access point learning the IP address assigned to a wireless station. This IP address is sent to a central management device controlling the access point. The management device confirms whether the IP address is already in use. If the IP address is unique, the access point stores it in an IP address table associated with that station. When the access point receives a data packet from the station, it checks if the packet's source IP address is in the station's IP address table. If the source IP matches a valid IP, the data packet can proceed.
2. The method of claim 1 , further comprising: performing a source Media Access Control (MAC) address verification; and wherein verifying whether to forward the data packet sent by the station, further comprises verifying whether to forward the data packet after the data packet passes the MAC address verification.
In addition to the method described in Claim 1, the access point also performs a MAC address verification on data packets. The access point only verifies the IP address of a data packet after it has passed the MAC address verification. Thus, both the MAC address and IP address must be valid before the data packet is forwarded.
3. The method of claim 1 , wherein the another station and the station belong to the same link.
The verification method described in Claim 1 is applicable when both the station being verified and the "another station" (the one possibly using the same IP) are on the same network segment or link. This means the IP address conflict is happening within the same broadcast domain.
4. The method of claim 1 , further comprising: forwarding the data packet in response to the source IP address being included in the first IP address table; and not forwarding the data packet in response to the source IP address not being included in the first IP address table.
Based on the verification method described in Claim 1, the access point forwards a data packet if its source IP address is found in the station's IP address table. Conversely, if the source IP address is not found in the table, the access point does not forward the packet, effectively blocking it.
5. The method of claim 4 , further comprising: in response to the source IP address not being included in the first IP table: discarding the data packet; recording a number of discarded data packets corresponding to the station; determining whether the number of the discarded data packets corresponding to the station is larger than a preset threshold in a preset time period, and in response to the number of the discarded data packets corresponding to the station being larger than the preset threshold in the preset time period, identifying the station as an illegal user.
Building upon the method in Claim 4, when a data packet's source IP address is not in the allowed IP address table, the access point discards the packet. It then increments a counter of discarded packets for that station. If this counter exceeds a pre-defined threshold within a specific time frame, the system flags the station as a potentially unauthorized or illegal user.
6. The method of claim 1 , wherein recording the IP address in the first IP address table corresponding to the station comprises: determining whether the first IP address table corresponding to the station exists; in response to a determination that the first IP address table corresponding to the station exists, recording the IP address not used by another station in the first IP address table corresponding to the station; and in response to a determination that the first IP address table corresponding to the station does not exist, generating the first IP address table corresponding to the station, and recording the IP address in the generated first IP address table corresponding to the station.
When the access point records the IP address in the station's IP address table, as described in Claim 1, it first checks if an IP address table already exists for that station. If a table exists, the valid IP address is added to it. If no table exists, the access point creates a new IP address table for the station and then adds the valid IP address to the newly created table.
7. The method of claim 1 , further comprising: learning, by the access device, a lifetime corresponding to the IP address assigned to the station; recording the IP address and the lifetime corresponding to the IP address in a first lifetime table corresponding to the station; periodically checking whether the lifetime in the first lifetime table has expired; and in response to a determination that the lifetime in the first lifetime table has expired, cancelling a record of the IP address corresponding to the expired lifetime in the first lifetime table, and notifying the managing device.
Expanding on Claim 1, the access point also learns the lease time (or lifetime) associated with the IP address assigned to the station. It records both the IP address and its lifetime in a separate lifetime table for that station. The access point periodically checks the lifetime table for expired entries. When a lifetime expires, the corresponding IP address record is removed from the lifetime table, and the management device is notified about this expiry.
8. An access device to be applied in a Wireless Local Area Network (WLAN), comprising: an Internet Protocol (IP) address learning logic circuit to learn an IP address assigned to a station; a synchronizing logic circuit to send the IP address to a managing device that is managing the access device and receive a determination of whether the IP address is used by another station from the managing device; an IP address recording logic circuit to, in response to the determination from the managing device indicating that the IP address is not used by another station, record the IP address in a first IP address table corresponding to the station; and an IP address verifying logic circuit to receive a data packet from the station and to verify whether to forward the data packet sent by the station based upon whether a source IP address carried in the data packet is included in the first IP address table.
An access device in a Wi-Fi network includes several logic circuits. An IP address learning logic circuit identifies the IP address assigned to a station. A synchronizing logic circuit sends this IP address to a management device for verification against other stations. An IP address recording logic circuit stores the validated IP address (confirmed as unique) in an IP address table linked to the station. An IP address verifying logic circuit then inspects incoming data packets from the station, checking if the source IP address is present in the station's IP address table to determine if the packet should be forwarded.
9. The access device of claim 8 , further comprising: a source Media Access Control (MAC) address verifying logic circuit to perform source MAC address verification for the data packet, wherein the IP address verifying logic circuit is to verify the data packet after the data packet has passed the source MAC address verification.
In addition to the access device described in Claim 8, a MAC address verification logic circuit performs MAC address filtering. The IP address verifying logic circuit only checks the IP address of a packet if the packet has already passed the MAC address verification.
10. The access device of claim 8 , wherein the IP address recording logic circuit is to forward the data packet in response to the source IP address being included in the first IP address table; and wherein the IP address recording logic circuit is to not forward the data packet in response to the source IP address not being included in the first IP address table.
Referring to the access device described in Claim 8, the IP address recording logic circuit controls packet forwarding. If the source IP address of a packet is found in the station's allowed IP address table, the packet is forwarded. If the source IP is not in the table, the packet is not forwarded, effectively blocking it.
11. The access device of claim 10 , wherein the IP address verifying logic circuit is further to discard the data packet in response to the source IP address not being included in the first IP table; and the access device further comprises: a discarded packet recording logic circuit to record the number of discarded data packets corresponding to the station, determine whether the number of the discarded data packets is larger than a preset threshold in a preset time period, and determine that the station is an illegal user in response to a determination that the number of discarded data packets is larger than the preset threshold in the preset time period.
Expanding on the access device described in Claim 10, if an incoming data packet's source IP is not found in the allowed IP address table, the IP address verifying logic circuit discards the packet. A discarded packet recording logic circuit increments a counter for that station. If the number of discarded packets for a station exceeds a set threshold within a time period, the discarded packet recording logic circuit flags the station as an illegal user.
12. The access device of claim 8 , wherein the IP address learning logic circuit is further to learn a lifetime corresponding to the IP address assigned to the station; the IP address recording logic circuit is further to record the IP address and the lifetime corresponding to the IP address in a first lifetime table; and the access device further comprises: a lifetime checking logic circuit to periodically check whether the lifetime in the first lifetime table expires, and in response to a determination that the lifetime in the first lifetime table has expired, cancel a record of the IP address corresponding to an expired lifetime in the first lifetime table, and notify the managing device of the expired lifetime.
Building on the access device described in Claim 8, the IP address learning logic circuit also obtains the lifetime of an IP address. The IP address recording logic circuit records both the IP address and its lifetime in a lifetime table. A lifetime checking logic circuit periodically scans the lifetime table. When an IP address's lifetime expires, the expired IP address is removed from the table, and the managing device is notified.
13. The access device of claim 12 , wherein: the synchronizing logic circuit is further to send the lifetime corresponding to the IP address to the managing device; and the access device further comprises: a roaming processing logic circuit to send a roaming notification to the managing device when a roaming station accesses the access device, and to receive and record an IP address assigned to the roaming station and a lifetime corresponding to the IP address assigned to the roaming station.
In addition to the access device described in Claim 12, the synchronizing logic circuit sends the lifetime of the IP address to the management device. A roaming processing logic circuit sends a roaming notification to the management device when a roaming station connects to the access point and receives and records the IP address and its lifetime associated with the roaming station.
14. The access device of claim 8 , further comprising: an updating logic circuit to update the IP address of the station and notify the managing device when snooping for the IP address of the station indicates that the IP address of the station has changed.
Besides the components in the access device described in Claim 8, an updating logic circuit monitors IP addresses. If the system detects a change in a station's IP address through snooping (monitoring network traffic), the updating logic circuit updates the stored IP address for that station and notifies the management device of the change.
15. A non-transitory computer readable storage medium on which is stored machine readable instructions that when executed by a processor cause the processor to: learn an Internet Protocol (IP) address assigned to a station; determine whether the IP address is used by another station; in response to a determination that the IP address is not used by another station, record the IP address in a first IP address table corresponding to the station; in response to a determination that the IP address is used by another station, cancel a record of the IP address as being associated with the station; receive a data packet having a source IP address from the station; and determine whether to forward the data packet sent by the station based upon whether the source IP address of the data packet is included in the first IP address table.
A non-transitory computer-readable storage medium contains instructions for managing device verification. The instructions cause the processor to learn a station's IP address and verify if the IP address is in use by another station. If the IP is unique, it is recorded in an IP address table. If the IP is a duplicate, any record of the IP address being associated with the station is cancelled. The processor receives data packets from the station and allows data packet forwarding if the source IP address is found in the IP address table.
16. The non-transitory computer readable storage medium of claim 15 , wherein the machine readable instructions are further to cause the processor to: perform a source Media Access Control (MAC) address verification; and to determine whether to forward the data packet sent by the station after the data packet passes the MAC address verification.
In addition to the instructions in Claim 15, the storage medium includes instructions to perform a MAC address verification on incoming packets. The determination of whether to forward the packet, based on IP address, only happens *after* the packet successfully passes MAC address verification.
17. The non-transitory computer readable storage medium of claim 15 , wherein the machine readable instructions are further to cause the processor to: forward the data packet in response to the source IP address being included in the first IP address table; and not forwarding the data packet in response to the source IP address not being included in the first IP address table.
Based on Claim 15, the storage medium's instructions direct the processor to forward a data packet if its source IP is found in the IP address table. If the source IP is not in the table, the data packet is blocked and not forwarded.
18. The non-transitory computer readable storage medium of claim 17 , wherein the machine readable instructions are further to cause the processor to: in response to the source IP address not being included in the first IP table: discard the data packet; record a number of discarded data packets corresponding to the station; determine whether the number of the discarded data packets corresponding to the station is larger than a preset threshold in a preset time period, and in response to the number of the discarded data packets corresponding to the station being larger than the preset threshold in the preset time period, identify the station as an illegal user.
Expanding on Claim 17, the instructions in the storage medium cause the processor to discard data packets with unrecognized source IP addresses (not in the table). The processor then increments a discarded packet counter for that station. If this counter exceeds a threshold within a set time period, the storage medium directs the processor to classify the station as an "illegal user."
19. The non-transitory computer readable storage medium of claim 15 , wherein to record the IP address in the first IP address table corresponding to the station, the machine readable instructions are further to cause the processor to: determine whether the first IP address table corresponding to the station exists; in response to a determination that the first IP address table corresponding to the station exists, record the IP address not used by another station in the first IP address table corresponding to the station; and in response to a determination that the first IP address table corresponding to the station does not exist, generate the first IP address table corresponding to the station, and recording the IP address in the generated first IP address table corresponding to the station.
According to Claim 15, when the processor records the IP address in the IP address table, the instructions first determine if a table exists for that station. If the table exists, the valid IP address is added. If the table doesn't exist, the processor creates a new table for that station and adds the IP address to the newly created table.
20. The non-transitory computer readable storage medium of claim 15 , wherein the machine readable instructions are further to cause the processor to: learn a lifetime corresponding to the IP address assigned to the station; record the IP address and the lifetime corresponding to the IP address in a first lifetime table corresponding to the station; periodically check whether the lifetime in the first lifetime table has expired; and in response to a determination that the lifetime in the first lifetime table has expired, cancel a record of the IP address corresponding to the expired lifetime in the first lifetime table, and notifying the managing device.
Expanding on the instructions described in Claim 15, the storage medium includes instructions for the processor to learn and record the lease time (or lifetime) associated with an IP address in a lifetime table along with the IP address. The processor periodically checks the lifetime table, and if a lifetime has expired, the record of the expired IP address is removed, and the management device is notified of the expiration.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
December 22, 2011
August 8, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.